1. Field of the Invention
This invention relates to communications, and particularly to secure communications conducted over insecure channels using public-key methods.
2. Description of the Related Art
Communications in many media (voice, video, facsimile, data, etc.) take place over many kinds of channels (wire, radio, fiber optics, etc.). Radio communications may easily be intercepted, and wire and fiber optic communications may be intercepted by one with the requisite knowledge and equipment.
When sensitive or proprietary information is to be communicated, means are sought to ensnare that only authorized parties are permitted to receive (and in some cases, to send) such information. Many solutions involve "scrambling" or "encrypting" the information in ways that only an authorized receiving entity should be able to restructure.
In modern cryptology it is usual for each party to a conversation or transmission to employ a security device comprising digital electronic computation means to operate on digital data (voice or video signals having first been digitized) with sophisticated mathematical algorithms. Typical methods involve the use of "cryptovariables" or "keys" known only to authorized senders and authorized receivers. A sender encrypts plaintext messages into ciphertext messages using a key, and the receiver decrypts the ciphertext using that key; interceptors, presumably not knowing the key, are unable to recover the plaintext.
Since the sender and receiver may be at considerable physical remove, logistical problems arise in propagating the keys between them; secure channels must be found for the purpose, such as couriers; such secure channels tend to be slow and expensive.
To alleviate these problems, methods known as "public key" methods have been devised wherein two entities may determine a common cryptovariable upon initiation of their communication by exchanging information based on secret parameters known only to each of them, and then performing computations involving those secret parameters. The information they exchange is known as "public keys", and is subject to interception; an interceptor, presumably without access to the aforementioned secret parameters, is unable to determine the cryptovariable and thus cannot decrypt the ensuing ciphertext.
The prior-art public key methods are, however, subject to a "man-in-the-middle attack" by a "spoofer". A spoofer may intercept a call from the calling party, and place a separate call to the intended called party, concatenating the two calls with himself "in the middle"; using the aforementioned public key methods, he establishes encrypted communication with both of them (with an extremely high probability of using different cryptovariables with each); he recovers the plaintext from one according to the appropriate cryptovariable, and re-encrypts it and passes it on to the other according to the appropriate cryptovariable, having full access to all plaintext.